envelopecontact us

phone1-301-495-0477

Recommendation on Unannounced Audits PublishedThis past September, the EU Commission issued a Recommendation (2013/473/EU) on the audits and assessments that notified bodies perform for medical devices.

This much‐anticipated Recommendation outlines, in particular, the proposed requirements for conducting the unannounced audits, what they should cover, and obligations for both the manufacturer and the notified body in the performance of these unannounced audits. At the beginning of the reformation process for the European medical device regulatory scheme, Commissioner John Dallí issued recommended an action plan for the EU Commission to enact to tighten controls, increase surveillance, and restore confidence.1 The actions and recommendations are roughly mirrored in the medical device regulation revisions, currently making their way through the EU legislative process. Time is of the essence for many of these actions, so this Recommendation is also a way to ensure that the public health is protected at a high level in the interim period before the new regulations come into effect.

Background

Notified bodies have had the authority to perform unannounced audits according to the medical devices directives. They have not, however, systematically performed these unannounced audits. This Recommendation, directed to the Member States for their notified bodies and expected to be implemented by each Member State quickly, obligates notified bodies to perform unannounced audits. 

What is the difference between a Recommendation and other legislations?

In the EU, a Recommendation is exactly that – a recommendation – that is directed to and acts upon the Member States. The Member States then may enact legislation that takes account of the points in the Recommendation. As can be assumed, Recommendations have no legal weight; however they do carry great political weight. Regardless of the legal weight that a Recommendation carries, the Member States are not anticipated to put off this Recommendation regarding unannounced audits s as they may have for other Recommendations. The obligation for notified bodies to perform unannounced audits is reflected in each version of the proposed revisions to the medical device regulatory scheme, which are Regulations that don’t require Member State agreement to be implemented. In addition, there is great pressure not only on notified bodies but competent authorities as well to show that they are taking active roles in protecting the public health, after taking hits during a few major healthcare scandals.

The Recommendation on Audits and Assessments

According to the Recommendation, the purpose behind its creation is, “To facilitate the consistent application of the conformity assessment provisions contained in [the medical devices directives].”2 The Recommendation is divided into four parts: the beginning clauses that state the purpose and general guidelines, and three Annexes that pertain to product assessment, quality management system assessments, and the unannounced audits themselves. Each Annex outlines the minimum requirements of what the notified body would focus on during that type of assessment. While the directives spell out the manufacturer’s regulatory requirements, requirements for notified bodies
could be more specific in order to avoid different level of interpretation. This Recommendation also covers the minimum content of notified body audits.

Annex I – Product Assessment

Annex I is devoted to product assessment, according to the design dossier examination and type examination provisions and lays out what notified bodies must verify. A few of the most pertinent of these requirements are:

• The notified body should verify that the device is a “medical device,” has a medical purpose, what its class is, and that it complies with the relevant Essential Requirements. Medical devices must have a medical purpose; for instance, a cosmetic or non‐medical intended use is not appropriate for a product to be a medical device according to the directives. Likewise, the medical device must conform to the Essential Requirements in order to apply CE‐marking. At LNE/G‐MED, we systematically verify that the product is a medical device and its classification prior to the assessment to ensure that both we and the manufacturer are on the same page.

• The notified body should verify that the risk management requirements in the Essential Requirements are met.

• The notified body should verify that their certificate covers the types of devices that the manufacturer intends it to cover, and that the declaration of conformity and the technical documentation match the devices that are assessed. The notified body needs to know what is
on the market under its certificates.

In addition to these points, a footnote in the text states that the technical documentation should at least cover the requirements in the GHTF document, “Summary Technical Documentation for Demonstrating Conformity to the Essential Principles of Safety and Performance of Medical Devices (STED).”

Annex II – Quality System Assessment

Annex II is devoted to the quality system assessments that notified bodies perform with respect to CE marking medical devices. The requirements focus on how the notified body should verify that the appropriate and required elements to the quality system are in place and functioning as they should. Some of these requirements are:

• The notified body should verify that application of the quality system assures the conformity of the devices.

• For medical devices in Class IIa or IIb, the notified body should review the technical documentation on the basis of representative samples.

• The notified body should verify the manufacturer’s business organization is appropriate for ensuring the conformity of the quality system and of the medical devices.

• The product identification system should ensure that the notified body’s certificates, the manufacturer’s declarations of conformity and the manufacturer’s technical documentations can unequivocally be attributed to certain devices and not to others.

• The procedures regarding the design and product development, including any change control procedures, should appropriate to ensure the compliance of the devices.

• The manufacturer has work instructions on the required processes, such as product identification, controlling for nonconforming product, and risk management. The Recommendation states that notified bodies should sample the product documentation to ensure that these work instructions actually work as they are supposed to, instead of simply verifying that they are in place.

• The notified body should verify that the manufacturer has adequate controls of traceability and that they can collect the necessary vigilance data systematically. In addition, this vigilance data should result in any necessary improvements of the devices, and that these improvements are initiated.

• The notified body should verify that the manufacturer’s business organization is such that its quality system is allowed to function as required. This includes the control over the manufacturer’s subcontractors, which the notified body may audit on site. A statement about
subcontractors states that the notified body shouldn’t engage a manufacturer that does not allow access to all its critical subcontractors, regardless of the relationship between the manufacturer and its subcontractors.

Overall, the notified body needs to be able to see that the manufacturer’s entire quality management system complies with its regulatory requirements and functions as it should, ensuring continual device safety and performance. It should be noted that even if a manufacturer uses a notified body to perform EN ISO 13485 audits and certification, this Recommendation only applies if the manufacturer also places a CE‐marking on their products. This is because EN ISO 13485 isn’t a regulatory requirement in Europe.

Annex III – Unannounced Audits

Annex III of the Recommendation gives recommendations for the frequency, length, and content of the unannounced audits that notified bodies perform. It should be emphasized that this Recommendation doesn’t focus only on unannounced audits, but rather on audits generally and how they would be performed. Specifically for unannounced audits, the Recommendation states:

• Notified bodies should conduct at least one unannounced audit every three years that lasts at least one day with at least two auditors. Notified bodies can perform more unannounced audits if the devices are high‐risk, if the devices are frequently non‐compliant, and if the notified body receives information that points to suspected nonconformities of either the product or the manufacturer.

• Notified bodies should perform unannounced audits on the manufacturer’s critical subcontractors, instead or in addition to, the manufacturer’s audits.

• Notified bodies should sample the products during the unannounced audits, review them and/or test them to ensure that they meet the Essential Requirements. For testing, either the notified body may witness the manufacturer testing the product, or the notified body may take the product and test it itself in its facilities. To perform the test, the notified body requests all the technical documentation, including testing records, from the manufacturer to verify the products’ conformity.

• Notified bodies should sample the products according to the number of types of devices if the notified body also performs the product assessments. Likewise, the notified body would verify that the manufacturing activity at the time of the audit conforms to the manufacturer’s quality system.

Next Steps for Manufacturers

While these points may seem extensive, manufacturers should keep in mind that the main purpose of the Recommendation is to harmonize the different practices of the notified bodies. LNE/GMED’s audit scopes and practices, for example, would not dramatically change from what is currently practiced by our auditors. Regardless, there are some additional hard‐line requirements that manufacturers should plan for:

• Contracts with sub‐contractors. Notified bodies should have total access to a manufacturer’s sub‐contractor. Manufacturers should amend their contracts with their sub‐contractor in order to allow this to happen, regardless of the length of the relationship between the manufacturer and the sub‐contractor. It is reasonable that if a sub‐contractor does not allow a notified body to audit its facility, there would be major consequences for the manufacturer.

• Revise and create any new processes. There are no additional requirements addressing the manufacturers. Nevertheless, having a better understanding for a NB auditor/ assessor’s objectives, manufacturers may feel the need to beef‐up or improve some of their processes that are already in place in order to plainly show how they function, or help them to function better.

•  Revisit relationships with sub‐contractors. If a manufacturer does not exercise adequate control over a sub‐contractor’s activities, the manufacturer should revisit its relationship or revise its procedures to exercise that control. Manufacturers can delegate activities, but they cannot delegate their regulatory responsibilities. In this sense, manufacturers should ensure that their relationship with their sub‐contractor reflects this reality

• New contracts with their notified body. Notified bodies will send contracts amendments to be executed to their clients that include provisions allowing them to perform unannounced audits (if the contract did not have the provisions already), as well as standing invitation letters so that auditors can receive visas to audit different facilities if needed.

These steps may seem to be easier said than done, especially for smaller and medium‐sized medical device manufacturers. However, it is imperative that these and any other necessary steps are complete if the manufacturer wishes to avoid nonconformities.

Notified bodies will probably start to systematically perform the unannounced audits at the beginning of 2014. In the meantime, manufacturers can get ready for the upcoming changes by analyzing their products’ technical documentation and quality systems to make sure it is continually ready for an audit. LNE/G‐MED, along with the other notified bodies, will inform its clients about the changes that are specific to them in the coming months. In the meantime, LNE/G‐MED’s technical and regulatory teams are always happy to answer questions from medical device manufacturers as to how the unannounced audits will be implemented. If you have questions, contact us.

LNE DOWNLOAD PDF Download this newsletter in pdf format here.

MDSAP Prepare the transition, worldwide market access

combo ISO 13485 9001

Questions?

We serve your passion for progress in the Medical Device (MD) and In Vitro Diagnostics (IVD) industry from the United States

   1-301-495-0477

lne gmed arrow Submit a request

clientsWe're Hiring!

Due to rapid growth in North America, we're seeking Lead Auditors and Certification Project Managers responsible for medical device manufacturing clients.

Don't have an account yet? Register Now!

Sign in to your account